Policy commit failures due to profiles exceeding platform capacity using version 10.1.8-h2

We have not updated the number of profiles and have been successfully committing policy for probably a year with this same number of policies, but all of a sudden we are not able to commit policy pushes either from gui or cli.

We have gone through

Interface migration to fiber over SFP 10G

Hello team,

I have a Palo Alto 3220 cluster that is connected to a CORE switch over ethernet and I need to migrate that connection to fiber over SFP 10G converter.

I am trying to define a procedure to migrate with no downtime and I had thought to s

Packets dropped: forwarded to different zone

We have a PaloAlto firewall that we have configured differrent zones, everything is working fine, except for a specific traffic between IP 10.40.129.49 and 172.26.2.58.  The 10.40.129.49 is located on a subnet directly in a zone defined on the firewa

How can I block browser extensions (VPN)?

Greetings and happy new year.

I have seen that from my internal network people use VPNs that are installed as extensions in the Google Chrome browser (veepn) to circumvent the URL Filtering of the FW.

Does anyone know how to block these extensions?

I

Malicious IP address log sudden increasein traffic

Our Malicious IP Traffic Alert typically registers a few dozen hits a day. However over the last weekend this has suddenly increased to a couple of thousand a day. I cannot see anything different apart from the quantity. The IP addresses are the same

Question about setting memory oid value when setting paloalto snmp

Hello. There is something I need to check about SNMP settings.

1. I see the memory value I use with packet buffer protection, is there a way to remove it?

2. If not, can I know how much memory PBP uses?

This is required for threshold setting in t

IP blocked then allowed

Hi, 
I'm reviewing a logs regarding a low reputation IP which in the first log it's action is dropped, and 5 minutes later 3 logs with action allowed. Why does it dropped then allowed it?

Logs

category: spyware

action: dropped

Threat Name: CobaltStrike

XFF

hi.

It's not really a big deal, but when using URL-Filter Logging, would it be possible to log  X-Forwarded-for X-Forwarded-for if the HTTP Request Method is CONNECT?

Is there any documentation or support for this?

Thank you.

Please kindly repl

PA-410 bug - disable-predefined-reports

PA-410 running PAN-OS 11.1.0. This firewall had been upgrade from 10.2.latest to 11.1.0.

After making an unrelated change to mitigate CVE-2023-48795, validate fails with:

Could not get schema node for xpath /config/devices/entry[@name='localhost.lo

Strata Sales training guide

Hi team,

I m new in the system as a sales solution specialist i see the Prisma SASE and Prisma cloud having the proper sales pre sales post sales guide to understand the in depth product where i came to strata there is no Sales guide i found can an

Cannot change action for special Threat ID

On our 5410 with PANOS 10.2.7-h3 installed I can see a lot of threats with ID 89953 (Inline Cloud Analyzed Unknown-TCP Command and Control Traffic Detection), severity = high, default action = alert.

I want to change the default action via Anti-Spywa

Palo alto Credits Problem

I have a problem when quoting credits. I get the following message:

"There is no Software NGFW Credits product on this Quote, the Credit Estimator is not needed."

Could it be a website problem?

thnks.

Sending traffic logs with Syslogs (UDP) from PA-440 -> Collector Server in Azure -> LimaCharlie organization not working

I am trying to send Syslog from my PA-440 to a LimaCharlie organization.

This is the setup

PA-400 --Syslog--> Virtual Machine in Azure running Ubuntu with LimaCharlie Adapter --HTTPS--> LimaCharlie.io

This is what I have done in the PA-440